ClawHub

maldives-island-picker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Maldives travel-planning skill, with disclosed web searches, an external product lookup, and local report export behavior.

Install only if you are comfortable with a travel skill that may run an external npm CLI for FlyAI product lookup, send trip preferences to search/product services, and save a local report file. In sensitive workspaces, skip the npx lookup and check the output filename/location before export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to execute an external package via `npx @fly-ai/flyai-cli ...`, which introduces supply-chain and command-execution risk into a travel recommendation workflow. Even with basic input validation, invoking a remote CLI is unnecessary for core recommendation logic and exposes the environment to unreviewed code execution, package tampering, and unexpected network/data access.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill defaults to saving a generated report into the current working directory without explicit user confirmation or a constrained output path. Unprompted file creation is unnecessary for answering a recommendation request and can overwrite files, leak user data to disk, or create persistence in sensitive execution environments.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The README states that the generated report will be automatically saved to a local Markdown file, but it does not clearly warn users about the file-write side effect or obtain explicit consent first. In an agent context, undocumented local file creation can surprise users, expose sensitive travel preferences on disk, or violate least-surprise expectations even if the content itself is benign.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are intentionally broad enough to activate on generic mentions of Maldives travel, which increases the chance of accidental invocation. Overbroad triggering can cause unnecessary tool use, external searches, and file operations in contexts where the user did not ask for those actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says it will write the report to the current working directory by default, but does not require user confirmation for the save action. This creates avoidable risk of silent disk writes, file overwrite, and local retention of potentially sensitive travel preferences or links.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation guidance explicitly says to load this reference when the user says broad phrases like “随便推荐” and later includes fallback prompts such as “都行”“你帮我选就好.” These are common conversational phrases that can appear outside a clearly bounded Maldives-island-selection request, so the skill may activate too eagerly and steer unrelated conversations into this workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal